2024.04.30
NDB's lm command is great. I have long wanted to know how it is implemented and could not stop thinking about it.
Target: machine aa64, kernel base 0x0, dbgdata 0x0, modhead 0x3ec555f0 orig 0x0, printk buffer 0x0 length 0x0
Target: machine aa64, kernel base 0x0, dbgdata 0x0, modhead 0x3ec555f0 orig 0x0, printk buffer 0x0 length 0x0
Loading unloaded module list
Kernel base < system range start
ZOS Kernel Version 0 SMP (1 procs) free ARMv8 64-bit
Kernel base = 0x0000000000000000 kernel module list = 0x00000000
3ec555f0
System uptime: not available
Looking at the memory, it is clearly a data structure:
Check whether this address has a symbol:
ln 0`3ec555f0
(00000000`3ec555f0) DxeCore!mDebugInfoTableHeader
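Jackpot, that makes things much easier. Search for the data type of this global variable:
It looks like this should be EFI_DEBUG_IMAGE_INFO_NORMAL
That should be it.
Hooray, found the first module, DxeCore:
Check the 0x63 entries and spot-check: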
dqs 0`efdea018 l63
dt -b EFI_DEBUG_IMAGE_INFO_NORMAL 0`ef358698
+0x000 ImageInfoType : 1
+0x008 LoadedImageProtocolInstance : (null)
+0x010 ImageHandle : 0x00000000`ef358818
dqs 0`ef358698 l3
00000000`ef358698 00000000`00000001
00000000`ef3586a0 00000000`ef3588c0
00000000`ef3586a8 00000000`ef358818
dt -b EFI_LOADED_IMAGE_PROTOCOL 0`ef3588c0
+0x000 Revision : 0x1000
+0x008 ParentHandle : 0x00000000`efdfff98
+0x010 SystemTable : (null)
+0x018 DeviceHandle : 0x00000000`efde8998
+0x020 FilePath : (null)
+0x028 Reserved : (null)
+0x030 LoadOptionsSize : 0
+0x038 LoadOptions : (null)
+0x040 ImageBase : 0x00000000`eff8b000
+0x048 ImageSize : 0x5000
+0x050 ImageCodeType : 3 ( EfiBootServicesCode )
+0x054 ImageDataType : 4 ( EfiBootServicesData )
+0x058 Unload : (null)
[ndb]!echo "00000000`eff8b000 00000000`eff90000 StatusLedDxe (deferred)"
00000000`eff8b000 00000000`eff90000 StatusLedDxe (deferred)
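The walk performed by hand above (header, pointer table, EFI_DEBUG_IMAGE_INFO_NORMAL, EFI_LOADED_IMAGE_PROTOCOL, then ImageBase and ImageSize), automated as an added Python example; it is not NDB's implementation and not code from the original notes. The header layout (TableSize at +4, table pointer at +8) is taken from the UEFI specification rather than from this page, and SparseMemory, list_modules, lm_lines, the table size of 3 and the empty slot are constructed for the example.

```python
import struct

# Offsets for a 64-bit target. The two structure layouts match the dt output
# on this page; the header layout follows the UEFI specification (assumption,
# the page does not show the header fields).
HDR_TABLE_SIZE = 0x04      # UINT32 TableSize (number of table slots)
HDR_TABLE_PTR = 0x08       # EFI_DEBUG_IMAGE_INFO *EfiDebugImageInfoTable
INFO_TYPE = 0x00           # EFI_DEBUG_IMAGE_INFO_NORMAL.ImageInfoType
INFO_LOADED_IMAGE = 0x08   # EFI_DEBUG_IMAGE_INFO_NORMAL.LoadedImageProtocolInstance
LIP_IMAGE_BASE = 0x40      # EFI_LOADED_IMAGE_PROTOCOL.ImageBase
LIP_IMAGE_SIZE = 0x48      # EFI_LOADED_IMAGE_PROTOCOL.ImageSize
TYPE_NORMAL = 1            # the ImageInfoType value seen in every entry above
MAX_ENTRIES = 4096         # hypothetical sanity bound against a corrupt header


class SparseMemory:
    """Stand-in for the debugger's memory reader: base address -> bytes."""

    def __init__(self):
        self.regions = {}

    def write(self, addr, data):
        self.regions[addr] = bytes(data)

    def read(self, addr, size):
        for base, data in self.regions.items():
            if base <= addr and addr + size <= base + len(data):
                return data[addr - base:addr - base + size]
        raise LookupError(f"unmapped read at {addr:#x}")

    def u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]

    def u64(self, addr):
        return struct.unpack("<Q", self.read(addr, 8))[0]


def list_modules(mem, header_addr):
    """Return [(image_base, image_end)] for each normal image in the table."""
    count = mem.u32(header_addr + HDR_TABLE_SIZE)
    table = mem.u64(header_addr + HDR_TABLE_PTR)
    if table == 0 or count > MAX_ENTRIES:
        raise ValueError("debug image info table header looks invalid")
    modules = []
    for i in range(count):
        try:
            info = mem.u64(table + 8 * i)       # each slot is a pointer
            if info == 0:
                continue                        # empty slot
            if mem.u32(info + INFO_TYPE) != TYPE_NORMAL:
                continue                        # unknown entry type
            lip = mem.u64(info + INFO_LOADED_IMAGE)
            if lip == 0:
                continue
            base = mem.u64(lip + LIP_IMAGE_BASE)
            size = mem.u64(lip + LIP_IMAGE_SIZE)
        except LookupError:
            continue                            # unreadable entry, keep walking
        if size:
            modules.append((base, base + size))
    return modules


def fmt(addr):
    """Format a 64-bit address in the debugger's high`low style."""
    return f"{addr >> 32:08x}`{addr & 0xffffffff:08x}"


def lm_lines(modules):
    """Render start/end pairs the way the echo line above does (no names)."""
    return [f"{fmt(start)} {fmt(end)}" for start, end in modules]


def build_sample():
    """Constructed memory image using the two entries examined on this page."""
    mem = SparseMemory()
    # Header at mDebugInfoTableHeader: UpdateStatus=0, TableSize=3 (constructed).
    mem.write(0x3EC555F0, struct.pack("<IIQ", 0, 3, 0xEFDEA018))
    # Pointer table with a constructed empty slot in the middle.
    mem.write(0xEFDEA018, struct.pack("<3Q", 0xEFDFEF98, 0, 0xEF358698))
    entries = (
        # info address, protocol address, image handle, ImageBase, ImageSize
        (0xEFDFEF98, 0x3EC53900, 0xEFDFFF98, 0x3EC27000, 0x4A000),
        (0xEF358698, 0xEF3588C0, 0xEF358818, 0xEFF8B000, 0x5000),
    )
    for info, lip, handle, base, size in entries:
        mem.write(info, struct.pack("<3Q", TYPE_NORMAL, lip, handle))
        mem.write(lip, bytes(LIP_IMAGE_BASE) + struct.pack("<2Q", base, size))
    return mem


if __name__ == "__main__":
    for line in lm_lines(list_modules(build_sample(), 0x3EC555F0)):
        print(line)
```

Module names are not resolved here; they would have to come from each image's own debug information, which this page does not cover.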
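Slow, fiddly and clumsy. There should be a way to test every entry; NDB's script support for debugger commands still needs work for now, so start with the crude Excel approach: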
dqs 0`efdfef98 l3; dqs 0`ef358698 l3; dqs 0`ef358318 l3; dqs 0`ef326718 l3; dqs 0`ef321a98 l3; dqs 0`ef2efe18 l3; dqs 0`ef2ef818 l3; dqs 0`ef320998 l3; dqs 0`ef2fed18 l3; dqs 0`ef31fd98 l3; dqs 0`ef31f798 l3; dqs 0`ef31e698 l3; dqs 0`ef31da98 l3; dqs 0`ef31ce18 l3; dqs 0`ef311018 l3; dqs 0`ef311818 l3; dqs 0`ef319e98 l3; dqs 0`ef319718 l3; dqs 0`ef318118 l3; dqs 0`ef318518 l3; dqs 0`ef317118 l3; dqs 0`ef317798 l3; dqs 0`ef316118 l3; dqs 0`ef316518 l3; dqs 0`ef315e98 l3; dqs 0`ef315718 l3; dqs 0`ef314a18 l3; dqs 0`ef314718 l3; dqs 0`ef313a98 l3; dqs 0`ef312018 l3; dqs 0`ef31c598 l3; dqs 0`ef31dc18 l3; dqs 0`ef301c18 l3; dqs 0`ef307f98 l3; dqs 0`ef307418 l3; dqs 0`ef306618 l3; dqs 0`ef306818 l3; dqs 0`ef304898 l3; dqs 0`ef303118 l3; dqs 0`ef302d98 l3; dqs 0`ef2ffe98 l3; dqs 0`ef2ff518 l3; dqs 0`ef2faa98 l3; dqs 0`ef2f7c98 l3; dqs 0`ef2f4d18 l3; dqs 0`ef2f4c98 l3; dqs 0`ef22d418 l3; dqs 0`ef22d218 l3; dqs 0`ef224498 l3; dqs 0`ef225b98 l3; dqs 0`ef22c118 l3; dqs 0`ef22b018 l3; dqs 0`ef22b118 l3; dqs 0`ef228c18 l3; dqs 0`ef227118 l3; dqs 0`ef227318 l3; dqs 0`ef1fa998 l3; dqs 0`ef1f9e98 l3; dqs 0`ef1f9798 l3; dqs 0`ef1f8118 l3; dqs 0`ef1f8598 l3; dqs 0`ef1f7118 l3; dqs 0`ef1f7598 l3; dqs 0`ef1eb118 l3; dqs 0`ef1eb598 l3; dqs 0`ef1ea118 l3; dqs 0`ef1ea598 l3; dqs 0`ef1f4118 l3; dqs 0`ef1f4598 l3; dqs 0`ef1f3118 l3; dqs 0`ef1f3598 l3; dqs 0`ef1f2118 l3; dqs 0`ef1f2318 l3; dqs 0`ef1f1c18 l3; dqs 0`ef1f1918 l3; dqs 0`ef1f0a18 l3; dqs 0`ef1f0798 l3; dqs 0`ef1efa18 l3; dqs 0`ef1efd18 l3; dqs 0`ef1eec98 l3; dqs 0`ef1ee418 l3; dqs 0`efdedc98 l3; dqs 0`efded418 l3; dqs 0`efdefb18 l3; dqs 0`efdef718 l3; dqs 0`efdfcc18 l3; dqs 0`efdfbf18 l3; dqs 0`efdfb298 l3; dqs 0`ef171918 l3; dqs 0`ef181a98 l3; dqs 0`ef181918 l3; dqs 0`ef180318 l3; dqs 0`ef17df18 l3; dqs 0`ef17d798 l3; dqs 0`ef191d18 l3; dqs 0`ef19bf18 l3; dqs 0`ef19bc98 l3; dqs 0`eebfe318 l3; dqs 0`eeb77198 l3;
Use an Excel formula once more:
Save it as an NDB script file (with the trailing semicolons removed):
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`3ec53900
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3588c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef326cc0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3261c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef321140
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2ef040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2ef340
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3201c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2fe040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef31f040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef31f3c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef31e7c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef31d240
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef31cb40
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef31c2c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef311140
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef319b40
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef319140
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef318c40
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef318240
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef317c40
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3171c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef316c40
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3162c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef315b40
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef315140
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3140c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef314440
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef313c40
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3132c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef30a540
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef301040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3012c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef307b40
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef306040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3063c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef304040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef304440
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3037c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef302040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2ffbc0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2ff240
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2fabc0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2f76c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2f4040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2f01c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef224040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef224a40
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef225040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2253c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef22cbc0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef22c3c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef22b7c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef228740
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2277c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1fa040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1fa440
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f9140
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f94c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f8cc0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f82c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f7cc0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f72c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1ebcc0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1eb2c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1eacc0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1ea2c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f4cc0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f42c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f3cc0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f32c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f2cc0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f1040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f12c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f1640
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f00c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f04c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1ef0c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1ee040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1ee9c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efded040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efded9c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efdef040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efdef440
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efdfc040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efdfc740
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efdfb940
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef171040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1715c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1810c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef180040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1809c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1803c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef17d2c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1912c0
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef191540
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef19b340
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`eebaa040
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`eeb4dac0
Execution result:
$<d:\lm.txt
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`3ec53900
+0x040 ImageBase : 0x00000000`3ec27000
+0x048 ImageSize : 0x4a000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3588c0
+0x040 ImageBase : 0x00000000`eff8b000
+0x048 ImageSize : 0x5000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef326cc0
+0x040 ImageBase : 0x00000000`eff81000
+0x048 ImageSize : 0xa000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3261c0
+0x040 ImageBase : 0x00000000`eaf70000
+0x048 ImageSize : 0x40000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef321140
+0x040 ImageBase : 0x00000000`eff77000
+0x048 ImageSize : 0xa000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2ef040
+0x040 ImageBase : 0x00000000`eaee0000
+0x048 ImageSize : 0x30000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2ef340
+0x040 ImageBase : 0x00000000`eae90000
+0x048 ImageSize : 0x40000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3201c0
+0x040 ImageBase : 0x00000000`eff72000
+0x048 ImageSize : 0x5000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2fe040
+0x040 ImageBase : 0x00000000`eff52000
+0x048 ImageSize : 0x20000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef31f040
+0x040 ImageBase : 0x00000000`eadf0000
+0x048 ImageSize : 0x40000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef31f3c0
+0x040 ImageBase : 0x00000000`ead50000
+0x048 ImageSize : 0x40000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef31e7c0
+0x040 ImageBase : 0x00000000`eacb0000
+0x048 ImageSize : 0x40000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef31d240
+0x040 ImageBase : 0x00000000`eff4d000
+0x048 ImageSize : 0x5000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef31cb40
+0x040 ImageBase : 0x00000000`eff46000
+0x048 ImageSize : 0x7000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef31c2c0
+0x040 ImageBase : 0x00000000`eff3f000
+0x048 ImageSize : 0x7000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef311140
+0x040 ImageBase : 0x00000000`eff34000
+0x048 ImageSize : 0xb000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef319b40
+0x040 ImageBase : 0x00000000`eff2b000
+0x048 ImageSize : 0x9000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef319140
+0x040 ImageBase : 0x00000000`eff25000
+0x048 ImageSize : 0x6000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef318c40
+0x040 ImageBase : 0x00000000`eff14000
+0x048 ImageSize : 0x11000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef318240
+0x040 ImageBase : 0x00000000`eff0b000
+0x048 ImageSize : 0x9000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef317c40
+0x040 ImageBase : 0x00000000`eff04000
+0x048 ImageSize : 0x7000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3171c0
+0x040 ImageBase : 0x00000000`efefc000
+0x048 ImageSize : 0x8000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef316c40
+0x040 ImageBase : 0x00000000`efef5000
+0x048 ImageSize : 0x7000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3162c0
+0x040 ImageBase : 0x00000000`efeef000
+0x048 ImageSize : 0x6000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef315b40
+0x040 ImageBase : 0x00000000`efee8000
+0x048 ImageSize : 0x7000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef315140
+0x040 ImageBase : 0x00000000`efed9000
+0x048 ImageSize : 0xf000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3140c0
+0x040 ImageBase : 0x00000000`efed3000
+0x048 ImageSize : 0x6000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef314440
+0x040 ImageBase : 0x00000000`efecf000
+0x048 ImageSize : 0x4000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef313c40
+0x040 ImageBase : 0x00000000`eabf0000
+0x048 ImageSize : 0x30000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3132c0
+0x040 ImageBase : 0x00000000`efec2000
+0x048 ImageSize : 0xd000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef30a540
+0x040 ImageBase : 0x00000000`efeb9000
+0x048 ImageSize : 0x9000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef301040
+0x040 ImageBase : 0x00000000`efeb3000
+0x048 ImageSize : 0x6000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3012c0
+0x040 ImageBase : 0x00000000`efeab000
+0x048 ImageSize : 0x8000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef307b40
+0x040 ImageBase : 0x00000000`efe8f000
+0x048 ImageSize : 0x1c000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef306040
+0x040 ImageBase : 0x00000000`efe73000
+0x048 ImageSize : 0x1c000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3063c0
+0x040 ImageBase : 0x00000000`efe5e000
+0x048 ImageSize : 0x15000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef304040
+0x040 ImageBase : 0x00000000`eaafd000
+0x048 ImageSize : 0xb3000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef304440
+0x040 ImageBase : 0x00000000`eaab0000
+0x048 ImageSize : 0x30000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef3037c0
+0x040 ImageBase : 0x00000000`efe59000
+0x048 ImageSize : 0x5000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef302040
+0x040 ImageBase : 0x00000000`eaa70000
+0x048 ImageSize : 0x30000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2ffbc0
+0x040 ImageBase : 0x00000000`efe51000
+0x048 ImageSize : 0x8000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2ff240
+0x040 ImageBase : 0x00000000`efe45000
+0x048 ImageSize : 0xc000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2fabc0
+0x040 ImageBase : 0x00000000`efe36000
+0x048 ImageSize : 0xf000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2f76c0
+0x040 ImageBase : 0x00000000`efe25000
+0x048 ImageSize : 0x11000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2f4040
+0x040 ImageBase : 0x00000000`efe0e000
+0x048 ImageSize : 0x17000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2f01c0
+0x040 ImageBase : 0x00000000`eaa5f000
+0x048 ImageSize : 0x11000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef224040
+0x040 ImageBase : 0x00000000`efe07000
+0x048 ImageSize : 0x7000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef224a40
+0x040 ImageBase : 0x00000000`efe00000
+0x048 ImageSize : 0x7000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef225040
+0x040 ImageBase : 0x00000000`eafc6000
+0x048 ImageSize : 0x6000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2253c0
+0x040 ImageBase : 0x00000000`eaaf2000
+0x048 ImageSize : 0xb000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef22cbc0
+0x040 ImageBase : 0x00000000`eaa10000
+0x048 ImageSize : 0x30000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef22c3c0
+0x040 ImageBase : 0x00000000`eaa57000
+0x048 ImageSize : 0x8000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef22b7c0
+0x040 ImageBase : 0x00000000`eaa05000
+0x048 ImageSize : 0xb000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef228740
+0x040 ImageBase : 0x00000000`ea9fc000
+0x048 ImageSize : 0x9000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef2277c0
+0x040 ImageBase : 0x00000000`ea9f0000
+0x048 ImageSize : 0xc000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1fa040
+0x040 ImageBase : 0x00000000`eafc0000
+0x048 ImageSize : 0x6000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1fa440
+0x040 ImageBase : 0x00000000`ea9e7000
+0x048 ImageSize : 0x9000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f9140
+0x040 ImageBase : 0x00000000`ea9db000
+0x048 ImageSize : 0xc000
kd>
dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f94c0
+0x040 ImageBase : 0x00000000`ea9ca000
+0x048 ImageSize : 0x11000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f8cc0
+0x040 ImageBase : 0x00000000`ea9bd000
+0x048 ImageSize : 0xd000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f82c0
+0x040 ImageBase : 0x00000000`ea9b3000
+0x048 ImageSize : 0xa000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f7cc0
+0x040 ImageBase : 0x00000000`ea9a9000
+0x048 ImageSize : 0xa000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f72c0
+0x040 ImageBase : 0x00000000`ea9a1000
+0x048 ImageSize : 0x8000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1ebcc0
+0x040 ImageBase : 0x00000000`ea999000
+0x048 ImageSize : 0x8000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1eb2c0
+0x040 ImageBase : 0x00000000`ea991000
+0x048 ImageSize : 0x8000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1eacc0
+0x040 ImageBase : 0x00000000`eaa50000
+0x048 ImageSize : 0x7000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1ea2c0
+0x040 ImageBase : 0x00000000`ea982000
+0x048 ImageSize : 0xf000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f4cc0
+0x040 ImageBase : 0x00000000`ea978000
+0x048 ImageSize : 0xa000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f42c0
+0x040 ImageBase : 0x00000000`ea970000
+0x048 ImageSize : 0x8000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f3cc0
+0x040 ImageBase : 0x00000000`ea966000
+0x048 ImageSize : 0xa000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f32c0
+0x040 ImageBase : 0x00000000`ea958000
+0x048 ImageSize : 0xe000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f2cc0
+0x040 ImageBase : 0x00000000`ea953000
+0x048 ImageSize : 0x5000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f1040
+0x040 ImageBase : 0x00000000`ea948000
+0x048 ImageSize : 0xb000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f12c0
+0x040 ImageBase : 0x00000000`ea93e000
+0x048 ImageSize : 0xa000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f1640
+0x040 ImageBase : 0x00000000`ea930000
+0x048 ImageSize : 0xe000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f00c0
+0x040 ImageBase : 0x00000000`ea926000
+0x048 ImageSize : 0xa000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1f04c0
+0x040 ImageBase : 0x00000000`ea919000
+0x048 ImageSize : 0xd000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1ef0c0
+0x040 ImageBase : 0x00000000`ea902000
+0x048 ImageSize : 0x17000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1ee040
+0x040 ImageBase : 0x00000000`ea8f6000
+0x048 ImageSize : 0xc000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1ee9c0
+0x040 ImageBase : 0x00000000`ea8e9000
+0x048 ImageSize : 0xd000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efded040
+0x040 ImageBase : 0x00000000`ea8db000
+0x048 ImageSize : 0xe000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efded9c0
+0x040 ImageBase : 0x00000000`ea8bc000
+0x048 ImageSize : 0x1f000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efdef040
+0x040 ImageBase : 0x00000000`ea8b0000
+0x048 ImageSize : 0xc000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efdef440
+0x040 ImageBase : 0x00000000`ea8a3000
+0x048 ImageSize : 0xd000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efdfc040
+0x040 ImageBase : 0x00000000`ea88d000
+0x048 ImageSize : 0x16000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efdfc740
+0x040 ImageBase : 0x00000000`ea878000
+0x048 ImageSize : 0x15000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`efdfb940
+0x040 ImageBase : 0x00000000`ea78e000
+0x048 ImageSize : 0xea000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef171040
+0x040 ImageBase : 0x00000000`ea77f000
+0x048 ImageSize : 0xf000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1715c0
+0x040 ImageBase : 0x00000000`ea76e000
+0x048 ImageSize : 0x11000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1810c0
+0x040 ImageBase : 0x00000000`ea759000
+0x048 ImageSize : 0x15000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef180040
+0x040 ImageBase : 0x00000001`80000000
+0x048 ImageSize : 0x23000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1809c0
+0x040 ImageBase : 0x00000000`ea740000
+0x048 ImageSize : 0x19000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1803c0
+0x040 ImageBase : 0x00000000`ea737000
+0x048 ImageSize : 0x9000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef17d2c0
+0x040 ImageBase : 0x00000000`ea721000
+0x048 ImageSize : 0x16000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef1912c0
+0x040 ImageBase : 0x00000000`ea713000
+0x048 ImageSize : 0xe000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef191540
+0x040 ImageBase : 0x00000000`ea707000
+0x048 ImageSize : 0xc000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`ef19b340
+0x040 ImageBase : 0x00000000`ea6ff000
+0x048 ImageSize : 0x8000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`eebaa040
+0x040 ImageBase : 0x00000000`e9e74000
+0x048 ImageSize : 0x2c000
kd> dt -b EFI_LOADED_IMAGE_PROTOCOL ImageBase ImageSize 0`eeb4dac0
+0x040 ImageBase : 0x00000000`e9c62000
+0x048 ImageSize : 0x10e000
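The modules are now listed, but the module names are still missing. I remember that the log prints them, so I set a breakpoint and traced to the key location:
PeCoffLoaderGetPdbPointer (DebugTable->NormalImage->LoadedImageProtocolInstance->ImageBase);
I had not expected that, in a UEFI environment, I would end up tracing PE file loading with NDB and inspecting the detailed data structures under the debugger.
At this point I have all the details needed to write my own lm.
Reading the PE-parsing source code while using NDB debugger commands to carry out the logic of that source by hand, I finally got to the module name string: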
da 0`e9c62000
00000000`e9c62000 "MZ"
dt -b EFI_IMAGE_DOS_HEADER 0`e9c62000
+0x000 e_magic : 0x5a4d
+0x002 e_cblp : 0
+0x004 e_cp : 0
+0x006 e_crlc : 0
+0x008 e_cparhdr : 0
+0x00a e_minalloc : 0
+0x00c e_maxalloc : 0
+0x00e e_ss : 0
+0x010 e_sp : 0
+0x012 e_csum : 0
+0x014 e_ip : 0
+0x016 e_cs : 0
+0x018 e_lfarlc : 0
+0x01a e_ovno : 0
+0x01c e_res :
[00] 0
[01] 0
[02] 0
[03] 0
+0x024 e_oemid : 0
+0x026 e_oeminfo : 0
+0x028 e_res2 :
[00] 0
[01] 0
[02] 0
[03] 0
[04] 0
[05] 0
[06] 0
[07] 0
[08] 0
[09] 0
+0x03c e_lfanew : 0xe58
dt -b EFI_IMAGE_NT_HEADERS64 0`e9c62000+0`e58
+0x000 Signature : 0x4550
+0x004 FileHeader :
+0x000 Machine : 0xaa64
+0x002 NumberOfSections : 3
+0x004 TimeDateStamp : 0
+0x008 PointerToSymbolTable : 0
+0x00c NumberOfSymbols : 0
+0x010 SizeOfOptionalHeader : 0xf0
+0x012 Characteristics : 0x2e
+0x018 OptionalHeader :
+0x000 Magic : 0x20b
+0x002 MajorLinkerVersion : 0 ''
+0x003 MinorLinkerVersion : 0 ''
+0x004 SizeOfCode : 0xa2000
+0x008 SizeOfInitializedData : 0x68000
+0x00c SizeOfUninitializedData : 0
+0x010 AddressOfEntryPoint : 0x70b0
+0x014 BaseOfCode : 0x1000
+0x018 ImageBase : 0xe9c62000
+0x020 SectionAlignment : 0x1000
+0x024 FileAlignment : 0x1000
+0x028 MajorOperatingSystemVersion : 0
+0x02a MinorOperatingSystemVersion : 0
+0x02c MajorImageVersion : 0
+0x02e MinorImageVersion : 0
+0x030 MajorSubsystemVersion : 0
+0x032 MinorSubsystemVersion : 0
+0x034 Win32VersionValue : 0
+0x038 SizeOfImage : 0x10e000
+0x03c SizeOfHeaders : 0x1000
+0x040 CheckSum : 0
+0x044 Subsystem : 0xa
+0x046 DllCharacteristics : 0
+0x048 SizeOfStackReserve : 0
+0x050 SizeOfStackCommit : 0
+0x058 SizeOfHeapReserve : 0
+0x060 SizeOfHeapCommit : 0
+0x068 LoaderFlags : 0
+0x06c NumberOfRvaAndSizes : 0x10
+0x070 DataDirectory :
[00]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[01]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[02]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[03]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[04]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[05]
+0x000 VirtualAddress : 0x10b000
+0x004 Size : 0x3000
[06]
+0x000 VirtualAddress : 0x10a0f8
+0x004 Size : 0x1c
[07]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[08]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[09]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[10]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[11]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[12]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[13]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[14]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[15]
+0x000 VirtualAddress : 0
+0x004 Size : 0
db 0`e9c62000+0x10a0f8+1c l100
00000000`e9d6c114 4e 42 31 30 00 00 00 00-00 00 00 00 00 00 00 00 NB10............
00000000`e9d6c124 2f 68 6f 6d 65 2f 67 65-64 75 65 72 2f 55 45 46 /home/geduer/UEF
00000000`e9d6c134 49 2f 65 64 6b 32 2d 79-6f 75 72 6c 61 6e 64 32 I/edk2-yourland2
00000000`e9d6c144 30 32 34 2f 77 6f 72 6b-73 70 61 63 65 2f 42 75 024/workspace/Bu
00000000`e9d6c154 69 6c 64 2f 59 6f 75 72-4c 61 6e 64 2f 44 45 42 ild/YourLand/DEB
00000000`e9d6c164 55 47 5f 47 43 43 2f 41-41 52 43 48 36 34 2f 53 UG_GCC/AARCH64/S
00000000`e9d6c174 68 65 6c 6c 50 6b 67 2f-41 70 70 6c 69 63 61 74 hellPkg/Applicat
00000000`e9d6c184 69 6f 6e 2f 53 68 65 6c-6c 2f 53 68 65 6c 6c 2f ion/Shell/Shell/
00000000`e9d6c194 44 45 42 55 47 2f 53 68-65 6c 6c 2e 64 6c 6c 00 DEBUG/Shell.dll.
00000000`e9d6c1a4 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000000`e9d6c1b4 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000000`e9d6c1c4 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000000`e9d6c1d4 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000000`e9d6c1e4 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000000`e9d6c1f4 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000000`e9d6c204 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
kd>
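My impressions, as sent to Teacher Zhang in the WeChat group
@格蠹-张银奎 Teacher Zhang, over the past few days, working in NDB, I have been reading the UEFI source code and then using NDB commands such as dt to script-execute my own translation of the source, observing the live data in memory directly. It amounts to rewriting, in a scripting language, the C code as I understand it and immediately cross-checking that understanding. Compared with stepping through assembly instructions one by one as I did before, this has greatly improved efficiency (single-stepping assembly sometimes has its benefits too, since it is the finest-grained step). By observing things in concrete, visual scenarios, I now have a slight feeling of familiarity with UEFI memory management, protocols, DXE management and so on.
I look forward to NDB's dt, .list, .foreach, .if and similar statements all working properly; that would be even better.
In short, using NDB debugger command scripts to rewrite the code as I understand it and cross-check it helps learning and understanding, and the efficiency is good.
Teacher Zhang gave it a like.
Additional findings:
The NDB lm command fails to list the following items:
For one module, no NB10 module name string could be found: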
dt -b EFI_IMAGE_DOS_HEADER 00000000`ea740000
+0x000 e_magic : 0x5a4d
+0x002 e_cblp : 0
+0x004 e_cp : 0
+0x006 e_crlc : 0
+0x008 e_cparhdr : 0
+0x00a e_minalloc : 0
+0x00c e_maxalloc : 0
+0x00e e_ss : 0
+0x010 e_sp : 0
+0x012 e_csum : 0
+0x014 e_ip : 0
+0x016 e_cs : 0
+0x018 e_lfarlc : 0
+0x01a e_ovno : 0
+0x01c e_res :
[00] 0
[01] 0
[02] 0
[03] 0
+0x024 e_oemid : 0
+0x026 e_oeminfo : 0
+0x028 e_res2 :
[00] 0
[01] 0
[02] 0
[03] 0
[04] 0
[05] 0
[06] 0
[07] 0
[08] 0
[09] 0
+0x03c e_lfanew : 0xb8
dt -b EFI_IMAGE_NT_HEADERS64 00000000`ea740000+0`b8
+0x000 Signature : 0x4550
+0x004 FileHeader :
+0x000 Machine : 0xaa64
+0x002 NumberOfSections : 6
+0x004 TimeDateStamp : 0
+0x008 PointerToSymbolTable : 0
+0x00c NumberOfSymbols : 0
+0x010 SizeOfOptionalHeader : 0xf0
+0x012 Characteristics : 0x2022
+0x018 OptionalHeader :
+0x000 Magic : 0x20b
+0x002 MajorLinkerVersion : 0xe ''
+0x003 MinorLinkerVersion : 0x10 ''
+0x004 SizeOfCode : 0xe600
+0x008 SizeOfInitializedData : 0x5000
+0x00c SizeOfUninitializedData : 0
+0x010 AddressOfEntryPoint : 0x2008
+0x014 BaseOfCode : 0x1000
+0x018 ImageBase : 0xea740000
+0x020 SectionAlignment : 0x1000
+0x024 FileAlignment : 0x200
+0x028 MajorOperatingSystemVersion : 0
+0x02a MinorOperatingSystemVersion : 0
+0x02c MajorImageVersion : 0
+0x02e MinorImageVersion : 0
+0x030 MajorSubsystemVersion : 0
+0x032 MinorSubsystemVersion : 0
+0x034 Win32VersionValue : 0
+0x038 SizeOfImage : 0x19000
+0x03c SizeOfHeaders : 0x400
+0x040 CheckSum : 0x18054
+0x044 Subsystem : 0xb
+0x046 DllCharacteristics : 0
+0x048 SizeOfStackReserve : 0
+0x050 SizeOfStackCommit : 0
+0x058 SizeOfHeapReserve : 0
+0x060 SizeOfHeapCommit : 0
+0x068 LoaderFlags : 0
+0x06c NumberOfRvaAndSizes : 0x10
+0x070 DataDirectory :
[00]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[01]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[02]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[03]
+0x000 VirtualAddress : 0x16000
+0x004 Size : 0x380
[04]
+0x000 VirtualAddress : 0x13a00
+0x004 Size : 0x2230
[05]
+0x000 VirtualAddress : 0x18000
+0x004 Size : 0x104
[06]
+0x000 VirtualAddress : 0x15040
+0x004 Size : 0x1c
[07]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[08]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[09]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[10]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[11]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[12]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[13]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[14]
+0x000 VirtualAddress : 0
+0x004 Size : 0
[15]
+0x000 VirtualAddress : 0
+0x004 Size : 0
da 00000000`ea740000+15040+1c+10
00000000`ea75506c ""
db 00000000`ea740000+15040
00000000`ea755040 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000000`ea755050 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000000`ea755060 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000000`ea755070 18 00 fd ef 00 00 00 00-d8 31 c5 3e 00 00 00 00 .........1.>....
00000000`ea755080 18 16 18 ef 00 00 00 00-18 ff fd ef 00 00 00 00 ................
00000000`ea755090 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000000`ea7550a0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00000000`ea7550b0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
I ran into one entry that looks like RtkUsbUndiDxe (I dumped it for binary analysis, but it is different again, which is odd):
.writemem D:\Gedu\ea740000.bin 0`ea740000 L?0`19000
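Oh, it turns out to be a driver without source code:
Comparing against the list of symbol files shows that these modules have not been loaded yet.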
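The header walk done by hand with dt and db above, for both the Shell image and the module without an NB10 string, written as an added Python example (not NDB's or EDK2's code) that could be run over a `.writemem` dump. It follows the RVA field of each debug directory entry instead of assuming the CodeView record sits 0x1c bytes after the directory, and it bounds-checks every read. The names `pdb_pointer` and `build_image` are hypothetical, the two sample images are constructed from the offsets and path visible in the dumps, and only PE32+ images are assumed.

```python
import struct

# Offset of the file name after each CodeView signature (layouts from EDK2 PeImage.h).
CV_NAME_OFFSET = {b"NB10": 16, b"RSDS": 24, b"MTOC": 20}
DEBUG_DIR_INDEX, DEBUG_TYPE_CODEVIEW, ENTRY_SIZE = 6, 2, 0x1C

def pdb_pointer(img):
    """Return the CodeView file name of an in-memory PE32+ image, or None."""
    def rd(fmt, off):
        # Bounds-checked read: a dump can be truncated or malformed.
        if off + struct.calcsize(fmt) > len(img):
            raise ValueError("read outside image")
        return struct.unpack_from(fmt, img, off)
    try:
        nt = rd("<I", 0x3C)[0]                             # e_lfanew
        opt = nt + 0x18                                    # OptionalHeader
        if not (rd("<H", 0)[0] == 0x5A4D and rd("<I", nt)[0] == 0x4550
                and rd("<H", opt)[0] == 0x20B              # PE32+ magic
                and rd("<I", opt + 0x6C)[0] > DEBUG_DIR_INDEX):
            return None
        d_rva, d_size = rd("<II", opt + 0x70 + 8 * DEBUG_DIR_INDEX)
        for ent in range(d_rva, d_rva + d_size - ENTRY_SIZE + 1, ENTRY_SIZE):
            typ, size, rva = rd("<IIHHIIII", ent)[4:7]     # Type, SizeOfData, RVA
            skip = CV_NAME_OFFSET.get(rd("4s", rva)[0]) if typ == DEBUG_TYPE_CODEVIEW else None
            if skip is not None and size > skip:
                raw = img[rva + skip:rva + size].split(b"\0", 1)[0]
                return raw.decode("ascii", "replace") or None
    except ValueError:
        pass
    return None

def build_image(e_lfanew, dbg_rva, cv_blob, dbg_type=DEBUG_TYPE_CODEVIEW):
    """Constructed sample: fills in only the fields pdb_pointer() reads."""
    img, opt = bytearray(dbg_rva + ENTRY_SIZE + len(cv_blob)), e_lfanew + 0x18
    fields = [("<H", 0, 0x5A4D), ("<I", 0x3C, e_lfanew), ("<I", e_lfanew, 0x4550),
              ("<H", opt, 0x20B), ("<I", opt + 0x6C, 0x10),
              ("<II", opt + 0x70 + 8 * DEBUG_DIR_INDEX, dbg_rva, ENTRY_SIZE),
              ("<IIHHIIII", dbg_rva, 0, 0, 0, 0, dbg_type, len(cv_blob), dbg_rva + ENTRY_SIZE, 0)]
    for fmt, off, *vals in fields:
        struct.pack_into(fmt, img, off, *vals)
    img[dbg_rva + ENTRY_SIZE:] = cv_blob
    return bytes(img)

# Constructed samples using the header offsets and path shown in the two dumps above.
SHELL_PATH = (b"/home/geduer/UEFI/edk2-yourland2024/workspace/Build/YourLand/"
              b"DEBUG_GCC/AARCH64/ShellPkg/Application/Shell/Shell/DEBUG/Shell.dll")
SHELL = build_image(0xE58, 0x10A0F8, b"NB10" + bytes(12) + SHELL_PATH + b"\0")
NO_CODEVIEW = build_image(0xB8, 0x15040, b"", dbg_type=0)   # debug entry with Type 0
if __name__ == "__main__":
    print(pdb_pointer(SHELL), pdb_pointer(NO_CODEVIEW))
```

A module whose debug directory entry carries no CodeView type, like the zero-filled entry at 0`ea755040, yields None, so a listing built on this has to fall back to ImageBase and ImageSize alone for such modules.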
Last edited by: 朱博渊 Updated: 2024-12-20 17:01